On Saturday, July 11, 2015 8:50 AM, joel jaeggli wrote:
...
[5] Section 5:
Fake DHCP servers / fake RAs are currently a security concern - this
doesn't make them any better or worse.
Please cite a reference for this, preferably with operational
recommendations on limiting these problems (e.g., ensure that DHCP and
RA traffic cannot be injected from outside/beyond the network that is
relevant to the portal).
There is definitely an attack vector there. Suppose an attacker can monitor the
traffic, say on an unencrypted Wi-Fi hot spot. The attacker can see a DHCP
request or INFORM, and race in a fake response with a URL of their own
choosing. The mark's computer automatically connects there, and downloads some
zero-day attack. Bingo!
-- Christian Huitema
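
An added detection example, not part of the original message: it scans DHCP replies that a monitoring point has already parsed and flags transactions that show the race described above, that is, a reply from an unexpected server or two replies to one request carrying different portal URLs. The record layout, the allowlist and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Reply(NamedTuple):
    ts: float        # capture time in seconds
    xid: int         # DHCP transaction id copied from the client's request
    server_id: str   # DHCP Server Identifier (option 54)
    portal_url: str  # portal URL carried in the reply

# Constructed sample data, not taken from any real network.
AUTHORIZED = {"192.0.2.1"}
SAMPLE = [
    Reply(10.000, 0x1A2B, "192.0.2.1", "https://portal.example.net/login"),
    # Two replies to the same request; the unknown server answers first.
    Reply(20.000, 0x3C4D, "192.0.2.66", "http://203.0.113.9/x"),
    Reply(20.004, 0x3C4D, "192.0.2.1", "https://portal.example.net/login"),
    # Benign retransmission: same server, same URL.
    Reply(30.000, 0x5E6F, "192.0.2.1", "https://portal.example.net/login"),
    Reply(30.002, 0x5E6F, "192.0.2.1", "https://portal.example.net/login"),
]

def find_suspect_replies(replies, authorized):
    """Return {xid: sorted reasons} for transactions that look raced or spoofed."""
    by_xid = defaultdict(list)
    for r in replies:
        by_xid[r.xid].append(r)
    findings = {}
    for xid, group in by_xid.items():
        reasons = set()
        if {r.server_id for r in group} - authorized:
            reasons.add("unauthorized-server")
        if len({r.portal_url for r in group}) > 1:
            reasons.add("conflicting-portal-url")
        first = min(group, key=lambda r: r.ts)
        if len(group) > 1 and first.server_id not in authorized:
            reasons.add("unauthorized-reply-arrived-first")
        if reasons:
            findings[xid] = sorted(reasons)
    return findings

if __name__ == "__main__":
    for xid, reasons in find_suspect_replies(SAMPLE, AUTHORIZED).items():
        print(f"xid=0x{xid:04X}: {', '.join(reasons)}")
```

A reply that forges the Server Identifier passes the allowlist check, so the conflicting-URL check is the one that still fires when both replies are observed.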